Contents

This document provides a sample configuration for the setup of Firewall
Load Balancing (FWLB) while using only one Content Switching Module (CSM). FWLB
requires the firewall farm to be surrounded by load balancers. This is to
guarantee that the inbound and outbound traffic of a single session is load
balanced to the same firewall. When using a CSM, you can use the same module to
do the job of both loadbalancers. This document shows you how to achieve
this.

The information in this document is based on these software and
hardware versions:

CSM running version 3.x

The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.

This section provides information you can use to troubleshoot your
configuration.

If you experience problem with this setup, the first thing to do is
check if there is any hit on the vserver by issuing the show mod
csm slot vserver command. If you do not
see a hit, make sure the vserver is in service. Make sure traffic is sent to
the CSM using a sniffer trace. When you see hits, issue the show
mod csm slot conns detail command to
verify that an entry was created for the connection you are looking for. You
will then need to use a sniffer again to make sure the traffic is sent to the
correct firewall (you can also use any type of logging on the firewall).
Proceed this way to follow the path of the traffic.